Troubleshooting guide

1-12
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Other System Settings
Configuring Secure Store Settings
If you have a backup made when the secure store was in user-provided passphrase mode and you
restore it to a system where the secure store is in auto-generated passphrase mode, you must enter
the user passphrase to proceed with the restore. After the restore, the system is in user-provided
passphrase mode. If you have a backup made when the secure store was in auto-generated
passphrase mode and you restore it to a system where the secure store is in user-provided passphrase
mode, you do not need to enter a password. After the restore, the system is in auto-generated
passphrase mode.
When you enable secure store on a WAE device, the system initializes and retrieves a new
encryption key from the Central Manager. The WAE uses this key to encrypt data such as CIFS
prepositioning credentials and information on the disk (if disk encryption is also enabled).
When you reboot the WAE after enabling secure store, the WAE retrieves the key from the Central
Manager automatically, allowing normal access to the data that is stored in WAAS persistent
storage. If key retrieval fails, a critical alarm is raised and secure store should be reopened manually.
Until secure store is reopened, the WAE rejects configuration updates from the Central Manager if
the updates contain CIFS preposition, dynamic share, or user configuration. Also, the WAE does not
include preposition configuration in the updates that it sends to the Central Manager.
While secure store encrypts certain system information, it does not encrypt the data on the hard
drives. To protect the data disks, you must enable disk encryption separately. See the “Enabling Disk
Encryption” section on page 1-30.
Enabling Secure Store Encryption on the Central Manager
Secure store is enabled by default on a new Central Manager, with a system-generated password that
opens the secure store after the system boots. You do not need to do anything to enable secure store.
If a Central Manager is configured in user-provided passphrase mode, you must manually open the
secure store after the system boots. To open the secure store on the Central Manager, follow these
steps:
Step 1 From the WAAS Central Manager menu, choose Admin > Secure Store. The Configure CM Secure
Store window appears.
Step 2 Enter the secure store passphrase in the Current passphrase field under Open Secure Store.
Step 3 Click the Open button.
The secure store is opened. Data is encrypted using the key derived from the password.
To open the secure store from the CLI, use the cms secure-store open EXEC command.
Note: Whenever you reboot a Central Manager that is configured in user-provided passphrase mode, you must
reopen the secure store manually. All services that use the secure store (disk encryption, CIFS
prepositioning, SSL acceleration, AAA, and so on) on the remote WAE devices do not operate properly
until you enter the secure store password on the Central Manager to reopen the secure store. Switch to
auto-generated passphrase mode to avoid having to reopen the secure store after each reboot.